Security Hardware Linux

Hiding Backdoors In Hardware 206

Posted by Soulskill
from the hamster-escape-route dept.
quartertime writes "Remember Reflections on Trusting Trust, the classic paper describing how to hide a nearly undetectable backdoor inside the C compiler? Here's an interesting piece about how to hide a nearly undetectable backdoor inside hardware. The post describes how to install a backdoor in the expansion ROM of a PCI card, which during the boot process patches the BIOS to patch grub to patch the kernel to give the controller remote root access. Because the backdoor is actually housed in the hardware, even if the victim reinstalls the operating system from a CD, they won't clear out the backdoor. I wonder whether China, with its dominant position in the computer hardware assembly business, has already used this technique for espionage. This perhaps explains why the NSA has its own chip fabrication plant."
This discussion has been archived. No new comments can be posted.

  • by mlts (1038732) * on Friday October 29, 2010 @12:13PM (#34063732)

    A good example of this is Lojack for Laptops to see about having stuff in hardware be able to keep a program installed and hidden.

  • It sounds like a technique that a random hacker won't do. That is a bunch of work to get that going on a user's system. By that, I mean you are modding a rom on something on the pci slot. So unless you are fixing their pc, it will be hard to make an excuse as to why you are opening up their machine when they wanted some anti-virus installed.
    • Re: (Score:3, Insightful)

      by ByOhTek (1181381)

      So unless you are fixing their pc, it will be hard to make an excuse as to why you are opening up their machine when they wanted some anti-virus installed

      You haven't dealt with the average end user much, have you? Probably less than 1% would be worried/suspicious. Of those that said anything, the answer "Oh, the antivirus has a special piece of hardware that it uses to prevent it from being disabled by viruses..." would suffice.

    • Re:Not bad but.. (Score:5, Interesting)

      by mlts (1038732) * on Friday October 29, 2010 @12:26PM (#34063942)

      This could be what malware could do. Take some of the newer botnet clients that have modules for everything, be it trying to climb out of a VMWare machine, try to get around sandboxie, or other items. Malware could try to find items that are flashable, and reflash them with code for hooks to malware, or even worse an active keyboard logger. It was mentioned a while back in a previous /. article about a major computer maker with keyboard HIDs that were flashable with new code. So, if one got root on the box, it wouldn't be hard to reflash the keyboard with a keylogger that could store keystrokes, or just send them as packets to the blackhat's site.

      Other than cellphone makers, a lot of devices really don't put much in the way of protecting their BIOS against rogue code, so it isn't farfetched to reflash a sound card, a NIC, a Northbridge/Southbridge controller, a video card, motherboard BIOS, or any other subsystem with malicious programming.

      • Re: (Score:2, Interesting)

        Remember when the Pentium chip was first released and there was a flaw found in the processor? The flaw was most commonly demonstrated in something like the eleventh decimal place in a mathematical calculation which could be made inside an Excel spreadsheet. Intel released a firmware fix that compensated (obviously they were not about to recall, retool, and replace all of those chips). That sort of hardware "flaw" exists in almost any hardware chip of sufficient complexity. I believe it is a mathematica

        • Re:Not bad but.. (Score:5, Informative)

          by MerlynEmrys67 (583469) on Friday October 29, 2010 @01:00PM (#34064406)
          Ok - time for a few corrections
          1) First Intel (after initially responding poorly to the bug) fully recalled the product without question. If you had a processor in question, you could ask for and receive a replacement. Please see http://en.wikipedia.org/wiki/Pentium_FDIV_bug [wikipedia.org]
          2) The flaw was caused by a bad division lookup table, not the mathematical nuance of binary logic gates. What I think you are trying to describe is the fact that floating point numbers are not precise, and you never compare them directly, only compare if they are within a small delta of each other.
      • by jonsmirl (114798)

        You don't need to be root to do this. If a graphics card manufacturer is complicit, they could hide code on the card that is triggered by a special image. This image would tell the GPU to alter the PCI expansion boot ROM code for the card long enough to insert a hook. Then wait for a reboot, insert the hook, and put the expansion ROM back the way it was. Anything you put into a bus slot of a PC could pull this trick with various signalling mechanisms.

        • by dgatwood (11270)

          That's all WAY too complicated. All you have to do is put extra hardware/firmware into a network card that checks for a specific magic byte sequence in an ICMP packet, then verifies a checksum of the rest of the packet, and if both check out, interprets the packet as a command to read or write the appropriate portion of memory (IIRC, the entire physical address space of the machine is accessible from a PCIe card, generally speaking) and transmit the data as needed in a properly formatted response packet.

      • Re: (Score:3, Interesting)

        by Mashiki (184564)

        I mentioned to people about 2 years ago that malware would start moving in that direction (i.e. flashing nvram, etc). People called me crazy. This will become the new reality once EFI becomes the norm.

    • you don't need to open the case to flash a rom.

    • by Nikker (749551)
      Just have to be on the same LAN after hardware exploits allow control via routable packets. http://it.slashdot.org/story/10/03/27/2145255/Remote-Malware-Injection-Via-Flaw-In-Network-Card?from=rss [slashdot.org]

      So exploit NIC using routable packet, use DMA to grab CPU, use CPU to exploit ROM, use ROM to dupe packets with forged header to remote survey location, etc., etc.
    • by Jeng (926980)

      It's been done before.

      http://www.editinternational.com/photos.php?id=47ddf19823b89 [editinternational.com]

    • by Peeteriz (821290)

      It sounds like something that's hard to do for an individual PC but trivial to do for millions of PC's - random guy in some factory in China, Indonesia, or Taiwan modifies the rom image that is put on some cheap device - say, some ethernet or sound chip that goes on generic motherboards, and voila - it's done.

          And nobody would know if that was done for some intelligence agency or simply to sell a botnet for cash..

    • True, but it seems like the point of this is that hardware is usually viewed as an immutable in the virus vectors, but if someone gets a hold of a container of PCI cards coming over from Taiwan they could cause a lot of trouble with them.

    • by camperslo (704715)

      It sounds like a technique that a random hacker won't do. That is a bunch of work to get that going on a user's system. By that, I mean you are modding a rom on something on the pci slot.

      Quite a bit of hardware has firmware in flash memory instead of ROM.

      For popular hardware, something might easily be passed off as part of an update.
      Who would know if something sinister was part of a firmware update for your optical drive or video card? Flash is very convenient for manufacturers. It does seem like a good i

    • by SQLGuru (980662)

      Until you realize that some unattended laptops don't even need to be opened to access the PCI bus. http://en.wikipedia.org/wiki/ExpressCard [wikipedia.org]

      the ExpressCard's direct connection to the system bus over a PCI Express ×1 lane

    • I don't think the concern is an after-market cracker doing it. I think the concern is that if it can be done after-market then that proves it can also be done by the original manufacturer of the hardware. I don't put it past OEM's to make backdoors for themselves.

  • Undetectable? (Score:5, Insightful)

    by countertrolling (1585477) on Friday October 29, 2010 @12:21PM (#34063850) Journal

    What, you can't sniff the traffic going in and out of your machine?

  • by Samantha Wright (1324923) on Friday October 29, 2010 @12:22PM (#34063868) Homepage Journal

    Wikipedia, as linked in the summary: "Its secure government communications work has involved the NSA in numerous technology areas, including the design of specialized communications hardware and software, production of dedicated semiconductors (at the Ft. Meade chip fabrication plant), and advanced cryptography research. The agency contracts with the private sector in the fields of research and equipment."

    Spectrum IEEE: "The DOD also maintained its own chip-making plant at Fort Meade, near Washington, D.C., until the early 1980s, when costs became prohibitive." [ieee.org]

    I'm betting this statement is now bullshit.

    • By which I mean the summary is in error.
    • by smellsofbikes (890263) on Friday October 29, 2010 @12:49PM (#34064290) Journal

      Wikipedia, as linked in the summary: "Its secure government communications work has involved the NSA in numerous technology areas, including the design of specialized communications hardware and software, production of dedicated semiconductors (at the Ft. Meade chip fabrication plant), and advanced cryptography research. The agency contracts with the private sector in the fields of research and equipment."

      Spectrum IEEE: "The DOD also maintained its own chip-making plant at Fort Meade, near Washington, D.C., until the early 1980s, when costs became prohibitive." [ieee.org]

      I'm betting this statement is now bullshit.

      I dunno about the NSA, but I do know that *my* semiconductor fabrication company has a dedicated military fab line in California, and if the DoD orders a simple voltage regulator and is willing to pay for the extra cost, the fab goes through the layout, makes sure it's good, and runs it and packages it in a secure facility. I've not *seen* this, but coworkers have been in the fab and said that where most engineers in our company have Dilbert cartoons up, everyone in that facility has posters of military aircraft -- that it's like a military facility inside our company. Apparently they have full production capability: silicon design, fabrication, packaging, applications engineering, test engineering, and production engineering.

      I know my company's aversion to spending money. They wouldn't *do* this unless it was economically profitable, which means we're actively pitching our secure fabrication capability to buyers, so anyone who is buying compromised hardware is doing so knowing the risk.

    • there are also a very limited number of secured chip fabs in the US, plants in which security is so well controlled that they are licensed to produce sensitive silicon for the government. IBM's fab in North Burlington is known to be one of them. you used to find all sorts of custom logic with IBM on the top in things like ethernet cards and video chipsets and the like. no more. no capacity.

  • by trifish (826353)

    So what exactly is new here? I thought most /. readers already knew that you have to trust the hardware you use...

    • by SmallFurryCreature (593017) on Friday October 29, 2010 @12:39PM (#34064114) Journal

      You're right, this is well known... but not by everybody. Every minute new babies are born... grow up and have to be told everything that everyone already knows, because they don't.

      So every second, new slashdotters come on and have to learn that yes, you have to be able to trust the hardware you use for security to mean anything. See, you ALREADY left an IMPORTANT part out. You say "you have to trust your hardware", this implies that you just have no choice but to trust it. In reality, you got to ask yourself, who designed the hardware I am relying on and can they and their suppliers/contractors be trusted. Answer: rarely. Reality is that most of us just ain't interesting enough to monitor at high levels.

      This always amuses me with people at say Freenet. All of them seem so pampered in our western nations they can't conceive of how a true dictatorship can work. Encrypt? Who sold you that CPU that is doing the encryption? Darknet? When all the traffic flows through a government router. This is as naive as saying that when you plug your lights straight into the grid, before the meter, the electricity company (the state) won't know about the 100 watt light streaming out of your windows...

      Fact: there are those who would like to spy. Fact: A good method is to get the place you want to spy on to have a device inside, you control and can use to get data out. Fact: Those who wish to spy, make PC's that are brought into the places that they want to spy on and contain the data they wish to get.

      If the Chinese AIN'T doing this, they are either afraid the west (and their own people) check all their hardware, ain't all that interested because there are methods less likely to risk their trade or they are really stupid.

      The Chinese ain't stupid and the west doesn't check all the time. Leaves that China doesn't want to risk trade by making their products suspect if just one nerd with a packet sniffer finds something.

      It is worth keeping in mind however that the risk is there. Can the US afford to lose more and more of its chip production? We already saw what happens with rare earth materials. This stuff is all over the globe, the US got piles of it, Russia is drowning in it BUT it all seemed so easy to have ONLY the Chinese invest in mining it. Now the rest of the world needs years to get their own production up to scratch.

      Say China starts a war (against Russia for resources) today... how long can the US afford to get its war production up to speed without Chinese/Taiwanese goods? Goods that might at the flick of a switch all contain spyware?

      Gosh, maybe some generals should play Civ a bit more. See how things can change on a single turn.

  • by ArcRiley (737114) <arcriley@ubuntu.com> on Friday October 29, 2010 @12:22PM (#34063874)

    You don't even have to go to this great of a length; if you want to root Linux machines, release a proprietary driver in the form of a binary Linux kernel module and watch as your customers blindly install it.

    This is one reason why we should insist on the source code to all firmware - or reverse engineer and write new firmware ourselves.

  • undetectable backdoor inside hardware.

    This perhaps explains why the NSA has its own chip fabrication plant.

    If the NSA broke in and stuck a small device into an empty PCI slot in your computer, would you notice?

    • In your scenario, they "broke in." Under everyday circumstances, I might not search my desktop for extra parts, but if I find a broken window/door, I might search my apt a little more rigorously.

      • Nah, if they really did it, they would just key in. You would never know they had been there.
    • Re:The NSA (Score:4, Funny)

      by H0p313ss (811249) on Friday October 29, 2010 @12:37PM (#34064088)

      undetectable backdoor inside hardware.

      This perhaps explains why the NSA has its own chip fabrication plant.

      If the NSA broke in and stuck a small device into an empty PCI slot in your computer, would you notice?

      Now here's a good reason to use an iPad or macbook.

      • by IICV (652597)

        If the NSA broke in and stuck a small device into an empty PCI slot in your computer, would you notice?

        Now here's a good reason to use an iPad or macbook.

        ... because then the NSA won't have to break in?

        I mean, Apple almost certainly keeps track of everything you do on iTunes, the App store, and probably has all sorts of app instrumentation available that's either already on or can be turned on. And on the MacBook front, who knows what they could turn on if they were asked nicely? Almost all the software yo

    • by Manfre (631065)

      Yes. My case has a window and it has no empty pci slots.

    • If the NSA broke in and stuck a small device into an empty PCI slot in your computer, would you notice?

      Protip: The NSA doesn't do any real field work such as what you describe. If such a scenario were to happen it would be done by the FBI or the CIA. You seem to have fallen for the wildly inaccurate portrayal of the NSA from Hollywood and TV.

    • I carry my laptop with me almost always. Not because I'm paranoid, it's just useful.

    • Yes, because most of my systems don't have PCI slots. It would definitely be noticeable.

    • by JWSmythe (446288)

      In my home machine? As a matter of fact, I would. It has a clear side, and an illuminated fan. I didn't get it for that purpose, it was just the cheapest case that the store had, that would do the job. It sits where I can see the inside of it while I'm using the computer. It only sits where I can see it, because it was the only place to put the machine. It is helpful to glance in to see if there is dust in the heatsinks or fans.

      I know every wire and component that is supp

      • by jimicus (737525)

        IIRC there's some evidence to suggest that they're just as able to plant a software backdoor as a hardware one.

        • by JWSmythe (446288)

          Nah, they'd never do that. :)

          Really, my sympathies to them if they do. I kind of habitually switch drives, wipe them out and do clean installs of different OS's, etc, etc. Their best bet for finding out what I know is either bugging the rooms (even easier tech). Or the classic no-tech abduction and interrogation. Oh, I mean detaining a potential person of interest and questioning. :)

          Hmm, is that silent black helicopters I hear hovering overhead? Let me go

    • I would but then I am a passively cooled open case kind of guy.

    • by hAckz0r (989977)

      If the NSA broke in and stuck a small device into an empty PCI slot in your computer, would you notice?

      They don't need to. It's very likely your machine has a re-flashable bus controller, CPU microcode, GPU, or a network controller card installed, so the PCI slot device is really a moot point from the cited article. Each device has its own processor and flash memory used to (re)program it. If it has direct access to the hardware bus or any device's DMA controller it can modify your kernel on the fly. No "sp

  • by alen (225700) on Friday October 29, 2010 @12:32PM (#34064024)

    everyone knows it's easy to slip backdoors into hardware, but hiding it is the hard part. every fabless chip maker does spot checks of their products and will find these backdoors. at the very least they will find that the shipping products aren't like the ones they designed with extra circuits.

    anyone with data that's worth keeping secret will have it behind firewalls and all kinds of security appliances that will start flashing alerts if there is traffic to a high risk geographic area

    • by Manfre (631065)

      The same way viruses on usb keys slip past QA.

    • Re: (Score:3, Insightful)

      You don't: you own the whole chain. There are plenty of companies that are now wholly Chinese—consider, for example, that the NASA crew on the ISS uses Lenovo T61p Thinkpad laptops for all of their personal computing needs. There's no QA going on there that Lenovo can't control or manipulate if the Chinese government covertly asks them to. The chips involved in making the system never get shipped across the ocean prior to final assembly.

      Furthermore, who says you can't slip the modified chip in at t
      • Re: (Score:3, Informative)

        by alen (225700)

        i've worked for Uncle Sam for 9 years. the government buys their IT crap from CDW and the same companies corporate america buys from. one time i tried to order laptops direct from Dell and it took months of getting special permission to get it done.

        and the government buys their IT crap little by little like everyone else. a PC here, a server the next month. a few servers and storage a few months later when there is money. one time they bought layer 2 switches in the 1990's which sat around for over a year b

        • They use CDW-G, not CDW. Same company, but different branches, which would make it easier to carry off the above attack.
    • by TheLink (130905)
      For many companies, QA is unleashing the product to unsuspecting customers.
    • by orasio (188021)

      everyone knows it's easy to slip backdoors into hardware, but hiding it is the hard part. every fabless chip maker does spot checks of their products and will find these backdoors. at the very least they will find that the shipping products aren't like the ones they designed with extra circuits.

      anyone with data that's worth keeping secret will have it behind firewalls and all kinds of security appliances that will start flashing alerts if there is traffic to a high risk geographic area

      That's funny.
      You mean that I shouldn't mind if my servers phone home to a low risk geographic area, but they should raise an alert if they ever get hits from Nigeria or some other foreign country? (Disclaimer: I live in foreignland, too)

      • by nospam007 (722110) *

        "they should raise an alert if they ever get hits from Nigeria or some other foreign country?"

        Only if the royalty bit (at offset 419) is set in the case of Nigerian data.

    • QA is a process of verifying that the part performs to specs. Unless there is a spec which says that "this part will not install malware" they aren't going to look for it. QA is generally an overworked and underappreciated function of a large manufacturer and they don't have time to do extra.

      In addition, in most any company large enough to have a real QA department, the QA folks operate under a strict regime of policies, procedures and audits to verify such. Which means they aren't really allowed to scre

  • The NSA has their own chip fab plant - I bet they've been doing this for years (embedding their own backdoors in the h/w). How better to manage hardware assets that are compromised in the field?

  • Always terrifies me at the bank.. bunch of Lenovo Peecees, running windows. But when I think about it, what could China steal from us that we haven't been just throwing at them anyways?
  • If you're going to the trouble of messing with PCI hardware, I'm sure one of these tiny circuits [macetech.com], which can be hidden in a USB socket, could be used to take over a machine remotely much more easily. Adding radio remote access would be pretty easy.

  • I've been talking about this possibility for a long time and it has fallen largely on deaf ears. Here, now, we have a proof of concept (or at least practically a POC) for an irremovable attack vector. I've stopped using 2nd hand hardware because I saw the possibility for these sort of shenanigans. I also remember reading a forum where people were attempting to "repair" bad DIMMS by overwriting the firmware with different revisions. If that is the case, then could this method be extended to utilize a SO-DIMM
  • What's worried me for some time are the various "remote maintenance" schemes built into network controllers. See, for example, Intel's "Active Management Technology" [intel.com]. This is Intel's successor to the Intelligent Platform Management Interface. [wikipedia.org] These have a protocol stack built into the network board, with connections to other parts of the system strong enough to power the machine on and off, patch the disk, and do other drastic system changes. AMT is easier to attack from a distance than IPMI; it uses SO

    • Keep in mind that in order to connect, you need to get through a firewall, which means you need an explicit allow entry, and if you're running NAT (which tbqh I don't see why the workstations WOULDN'T be natted) you also need an explicit forward rule (all this precludes UPnP, but really who would have THAT enabled ;) ).
  • Resistance is futile. It was true back then, and still true today.
  • and use coreboot instead
    there's no need to execute rombios to load drivers for dead OSes when the linux kernel has all required drivers.

  • by dwheeler (321049) on Friday October 29, 2010 @01:46PM (#34065136) Homepage Journal
    The "trusting trust" attack is a nasty attack, but there is a counter-measure. Diverse double-compiling [dwheeler.com] can detect compiler executables subverted by the "trusting trust" attack. See my paper for more, if you're curious.
    • by sco08y (615665)

      Very interesting... After I read the trusting trust paper, I figured the only counter was a clean-room bootstrapping. But if I understand it correctly, DDC is something a motivated hacker could manage.

      I suspect the OpenBSD guys are going to love this.

  • If companies are concerned that fabrication contractors might be putting backdoors right onto the silicon, then maybe they should require that the masks for the chips be returned, and do random spot testing to see if they match up. Then they can be assured that the chips they had contracted out comply to their design. Obviously this wouldn't work if designing was also contracted out, though.
  • I love how all this is called "undetectable". When you could pick it up with a simple network monitor.
    • by ifrag (984323)
      What if your network monitor is infected with an exploit in the hardware? One that just happens to make the other one effectively invisible as it neglects to show anything about it. At some point you have to point to a piece of hardware and know for certain there is nothing funny about it.
  • that is where the espionage software sits nowadays. Echelon was far too expensive.

    A Trojan Boot Loader in the Firmware and the serial number known to the NSA.

    hey these people have something interesting? what's the serial No of their routers?

    Let's send them via Google some Search routine which monitors their in-house traffic.

    -

    BTW HP hardware has nice little chips which can not be switched off by the BIOS!

    And I guess some other vendors have it too!

  • I once met a former colleague of theirs at a trade show. He told me that they had actually put the backdoor into the C compiler. They had been receiving calls at all hours from executives who demanded that systems be fixed ASAP but did not know the root login information. The backdoor set up a predefined root account whenever compiling a program named "login". It enabled them to get in and do the fixes without needing to contact the system administrators.

  • Subversionhack
    From one of my previous posts:

    http://slashdot.org/comments.pl?sid=1821502&cid=33910412 [slashdot.org]

    You have to realize, as myself and (my) a team of researchers have (finally) dug up, this is not new, nor unique.
    follow the link, which leads to other links - you'll see that this has gone from "you're insane", to "wow, they really can do that". in about three years.
    As the details trickle out it becomes more insidious as to "the ends to which means" we're dealing with.

    I'm happy people have quit discountin

  • That's not hiding it in the Hardware. A ROM is software and can be quite easily verified. Hide it in the design of some FSM, reacting on specific sequences, where you can overwrite data in the HW's RAM and control the PCI bus; that will not take more than a thousand gates extra (you don't need to be fast) to do it. Unless somebody reverse-engineers the chip in detail, and maybe not even then, it will not be detected. If you do it right, you can even hide which code is necessary to access it.
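
The comment above says an expansion ROM "can be quite easily verified". As an added example (not part of the original thread, and not code from the article it discusses), this is what that check looks like for a dumped PCI option ROM: parse the `55 AA` header and `PCIR` structure, test the legacy 8-bit checksum, and compare a SHA-256 of the whole dump with a known-good digest. The function names, the sample vendor/device IDs and the reference digest (standing in for one obtained from the vendor) are assumptions, and the ROM bytes are constructed sample data.

```python
import hashlib
import struct

PCIR_PTR = 0x18   # offset of the 16-bit pointer to the PCI Data Structure

def build_sample_rom(vendor=0x1234, device=0x5678, blocks=2):
    """Constructed legacy x86 option ROM (sample data, not from a real card)."""
    rom = bytearray(blocks * 512)
    rom[0:2] = b"\x55\xaa"                            # option ROM signature
    rom[2] = blocks                                   # legacy size byte, 512-byte units
    pcir = 0x40
    struct.pack_into("<H", rom, PCIR_PTR, pcir)
    rom[pcir:pcir + 4] = b"PCIR"
    struct.pack_into("<HH", rom, pcir + 0x04, vendor, device)
    struct.pack_into("<H", rom, pcir + 0x0A, 0x18)    # structure length
    struct.pack_into("<H", rom, pcir + 0x10, blocks)  # image length, 512-byte units
    rom[pcir + 0x14] = 0x00                           # code type 0: x86 legacy BIOS
    rom[pcir + 0x15] = 0x80                           # bit 7 set: last image in the ROM
    rom[-1] = -sum(rom) & 0xFF                        # byte sum of the image is 0 mod 256
    return bytes(rom)

def parse_images(data):
    """Walk the image chain in a ROM dump; raise ValueError if it is malformed."""
    images, off = [], 0
    while off + 0x1A <= len(data):
        if data[off:off + 2] != b"\x55\xaa":
            raise ValueError(f"no 55 AA signature at offset {off:#x}")
        pcir = off + struct.unpack_from("<H", data, off + PCIR_PTR)[0]
        if pcir + 0x16 > len(data) or data[pcir:pcir + 4] != b"PCIR":
            raise ValueError(f"no PCIR structure at offset {pcir:#x}")
        vendor, device = struct.unpack_from("<HH", data, pcir + 0x04)
        length = struct.unpack_from("<H", data, pcir + 0x10)[0] * 512
        if length == 0 or off + length > len(data):
            raise ValueError("image length field does not fit the dump")
        code_type = data[pcir + 0x14]
        body = data[off:off + length]
        images.append({
            "offset": off, "vendor": vendor, "device": device,
            "code_type": code_type, "length": length,
            # The 8-bit checksum is only defined for legacy (type 0) images.
            "checksum_ok": sum(body) % 256 == 0 if code_type == 0 else None,
        })
        if data[pcir + 0x15] & 0x80:                  # last image
            break
        off += length
    return images

def audit(data, reference_sha256):
    """Return (structure_ok, matches_reference) for a dumped ROM."""
    try:
        images = parse_images(data)
    except ValueError:
        return False, False
    structure_ok = bool(images) and all(i["checksum_ok"] is not False for i in images)
    return structure_ok, hashlib.sha256(data).hexdigest() == reference_sha256

def demo():
    good = build_sample_rom()
    reference = hashlib.sha256(good).hexdigest()      # stand-in for a vendor digest
    naive = bytearray(good)
    naive[0x100] ^= 0xFF                              # one byte changed, checksum stale
    balanced = bytearray(naive)                       # same change, checksum re-balanced
    balanced[-1] = (balanced[-1] - sum(balanced)) & 0xFF
    return {
        "good": audit(good, reference),
        "naive": audit(bytes(naive), reference),
        "balanced": audit(bytes(balanced), reference),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The `balanced` case passes every structural check and fails only the digest comparison, so the built-in checksum detects corruption, not tampering. On Linux a dump can be read from the device's sysfs `rom` file after writing `1` to it, but that read goes through the card itself, so it shows only what the card chooses to present.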
